Saturday, December 4, 2010

Wikileaks Cablegate: An Information Security Case Study

The Wikileaks Cablegate fiasco will be used as an information security case study and an eye opener for everyone in the security community. However you feel about the leaks, one thing is for sure: the protection of data has to improve.

Here are a few topics from Cablegate that should be thoroughly reviewed and studied from an InfoSec perspective:

How did 250,000 classified records make their way out of the secure DoD SIPRNet and NIPRNet networks and onto Wikileaks for public disclosure? How can the DoD go through all the work of creating a secured network and then not establish a data leakage protection program to match? According to one report, too many users on these networks had promiscuous permissions that allowed DoD classified computers to mount removable media, such as USB drives, with write capability. I'm sure we'll see DLP solutions being marketed heavily by vendors within the next year, all the while using Cablegate as a major marketing push.
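The control whose absence the paragraph above describes is a policy that denies write access to removable disks on classified workstations. The script below is an added example, not code from the original post or from the DoD; it assumes Windows hosts managed through Group Policy, where the "Removable Disks: Deny write access" setting is backed by the registry key under `HKLM\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices` keyed by the Removable Disks device-class GUID. It audits whether that policy is in place, lists currently attached removable drives so an assessor can see the exposure, and optionally enforces the setting locally (in a domain you would set the same value via GPO rather than per host).

```powershell
# Added example (not from the original post): audit, and optionally enforce,
# the Windows "Removable Disks: Deny write access" policy, the control whose
# absence the post blames for the leak. Run as an administrator.
# Default behaviour is audit-only; pass -Enforce to set the policy on this host.

[CmdletBinding()]
param(
    [switch]$Enforce
)

# Device-setup class GUID for "Removable Disks" used by the RemovableStorageDevices policy
$RemovableDisksClass = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$PolicyKey  = Join-Path $PolicyRoot $RemovableDisksClass

function Get-RemovableWritePolicy {
    # Returns $true when writes to removable disks are denied by policy, $false otherwise.
    if (-not (Test-Path $PolicyKey)) { return $false }
    $value = Get-ItemProperty -Path $PolicyKey -Name 'Deny_Write' -ErrorAction SilentlyContinue
    return ($null -ne $value -and $value.Deny_Write -eq 1)
}

function Set-RemovableWriteDenied {
    # Creates the policy key if needed and sets Deny_Write = 1.
    # Takes effect after a policy refresh or when the device is reconnected.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name 'Deny_Write' -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-AttachedRemovableDrives {
    # DriveType 2 in Win32_LogicalDisk is "Removable Disk" (USB sticks, card readers).
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' |
        Select-Object DeviceID, VolumeName, @{ n = 'SizeGB'; e = { [math]::Round($_.Size / 1GB, 1) } }
}

# --- audit ---
if (Get-RemovableWritePolicy) {
    Write-Output "OK: writes to removable disks are denied by policy ($PolicyKey\Deny_Write = 1)."
} else {
    Write-Warning "FINDING: removable disks are writable on this host (no Deny_Write policy set)."
    if ($Enforce) {
        Set-RemovableWriteDenied
        Write-Output "Policy set. Run 'gpupdate /force' or reinsert devices for it to take effect."
    }
}

$drives = Get-AttachedRemovableDrives
if ($drives) {
    Write-Output "Removable drives currently attached:"
    $drives | Format-Table -AutoSize
} else {
    Write-Output "No removable drives currently attached."
}
```

Run it without arguments during an assessment to record a finding per host; run it with `-Enforce` only where a local registry setting is an acceptable stopgap, since a domain GPO will overwrite local policy values on the next refresh. Denying writes is a blunt but cheap control; a full DLP program layers content inspection and logging on top of it rather than replacing it.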

The Wikileaks.org website sustained an incredible amount of DDoS traffic against its domain before and after publishing the Cablegate records. They were being hit with a steady 10Gbps of network traffic, forcing them to host their domain on Amazon's web servers. This was an interesting choice because they used the cloud to mitigate the DDoS traffic. Shortly after, they were dropped by Amazon, and then by their DNS provider EveryDNS.com, which stated that it was dropping the domain because of the amount of traffic destined for it. The traffic supposedly caused outages for other clients using the same services.

The real reason is most likely pressure from United States Senators lobbying to have the site removed, and they were successful in doing just that. Having nowhere to go, they brought up the site www.wikileaks.ch, a Swiss domain hosted out of Sweden. I find this particularly interesting in two ways: (1) Both of these countries are neutral and are in the mindset to "stay out" of other countries' affairs, giving Wikileaks more of a chance to stay online by having these countries fight their political battles. (2) Now that they aren't affiliated with any American company, it's going to be harder for the United States to pursue legal action against them. It seems that America might have accidentally protected Wikileaks by forcing it out of its jurisdiction.